Reduce Internet Attack Surfaces That Are Visible To Anyone On Web-Based Search Platforms.

While zero-day attacks draw the most attention, less complex exposures to both cyber and physical security are frequently missed.

CISA has developed a How-to Guide to help you assess your IoT/IIoT – all of your Internet-connected computers and industrial devices – and take risk mitigation steps.

Key Takeaways:

  • ASSESS YOUR POSTURE: You have probably done a lot to secure your facilities. However, without visibility into your assets that are accessible across the Internet, you may not fully understand your potential for being attacked. While many people use search engines to find cat pictures, cyber attackers commonly use similar tools to locate Internet-connected IIoT devices. In fact, once a device is identified, hacking is not even required in many cases – for example, if default and maintenance passwords are in use, the adversary's job is easy, as they just flip a switch to exploit.

  • EVALUATE AND REDUCE YOUR EXPOSURE: After you know which assets are exposed, decide which need to be open to the Internet. Once you evaluate necessary exposure, assess how changes will affect your assets and any potential impacts to your operations. This step is important to ensure that vulnerability remediation actions are performed with full knowledge of safety risk, and that unintended consequences are avoided based on the specific implementation plan. Also, consult with your utilities, business partners, and the asset owners you do business with to ensure interdependencies are considered.

  • HARDEN AND MITIGATE YOUR RESIDUAL EXPOSURE: Protect and reduce your risk of business interruptions from cyber-attacks; get your Stuff Off Search (S.O.S.)! CISA has developed a How-to Guide to help you assess your IoT/IIoT – all of your Internet-connected computers and industrial devices – and take risk mitigation steps. This can include changing default passwords, implementing robust patch management, installing a virtual private network (VPN), and using multi-factor authentication. Secure your assets where possible!

  • ESTABLISH ROUTINE ASSESSMENTS: While it’s important to get your Stuff Off Search, it’s equally important to make these practices routine. As IT and business needs change, continuously monitor your IoT/IIoT and other critical assets to ensure that you always know when they are exposed on the Internet. Remain vigilant in keeping your assets protected – regular cyber hygiene is important. Our globally connected society means we will always be vulnerable – but, through regular cyber hygiene, you don’t have to be exposed!

To learn more about the CISA How-to Guide

For further questions please contact us and a representative will reach out within the hour.
